
I need some help manually removing a globalroot\systemroot\system32\MSIVX



otr_trucker07
2009-07-07, 05:47
I have run GMER to get my logs, and this is what it gave me when I opened it and when I did a full scan on my computer. Can someone please help me remove this virus? It will not even allow me to put McAfee on my computer until it's gone, and it is blocking a lot of other programs I need. PLEASE HELP ME


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-06 22:22:49
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

Code 870F8110 ZwEnumerateKey
Code 872373F8 ZwFlushInstructionCache
Code 86FD5505 IofCallDriver
Code 8717524E IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 893E3DE0
Device \FileSystem\Ntfs \Ntfs 856B3978
Device \FileSystem\Ntfs \Ntfs 899AFE00
Device \FileSystem\Ntfs \Ntfs 855A0BA0
Device \FileSystem\Ntfs \Ntfs 89487188
Device \FileSystem\Ntfs \Ntfs 88BBE0E0
Device \FileSystem\Ntfs \Ntfs 857BDB00
Device \FileSystem\fastfat \Fat 856C6DD8
Device \FileSystem\fastfat \Fat 88FF3990
Device \FileSystem\fastfat \Fat 8503CAD0
Device \FileSystem\fastfat \Fat 855C8180
Device \FileSystem\fastfat \Fat 854135D0
Device \FileSystem\fastfat \Fat 89487820
Device \FileSystem\fastfat \Fat 8959AF78

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS

---- Threads - GMER 1.0.15 ----

Thread 6gxwl.exe [4312:2308] SSDT 0x898EE1A8 != 0x81EFB8E0
Thread 6gxwl.exe [4312:3808] SSDT 0x898EE1A8 != 0x81EFB8E0

---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----



This was the full scan.

otr_trucker07
2009-07-07, 05:52
---- Services - GMER 1.0.15 ----

Service C:\Windows\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???)?????????f???????????e??LocalSystem?t???HidUsb??????? ???????f?????????????????????????? ??????f????v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Windows Media Player Network Sharing Service (UPnP-In)|Desc=@FirewallAPI.dll,-31280|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|??=??v2.0|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Windows Media Player Network Sharing Service (UPnP-Out)|Desc=@FirewallAPI.dll,-31284|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|???????????????f??????????????v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=10243|RA4=LocalSubnet|RA6=LocalSubnet|App=System|Name=Windows Media Player Network Sharing Service (HTTP-Streaming-In)|Desc=@FirewallAPI.dll,-31288|EmbedCtxt=@FirewallAPI.dll,-31252|Edge=FALSE|???-?????????1??????N??f????????D???X?{745a17a0-74d3-11d0-b6fe-00a0c90f57da}????8??????f???????e??HidUsb???????f?f\J(???N??f?????
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll

---- Files - GMER 1.0.15 ----

File C:\Users\Jason\AppData\Local\Temp\MPSampleSubmit\msivxstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys.xor 78336 bytes
File C:\Users\Jason\AppData\Local\Temp\MPSampleSubmit\msivxstrwtxjhcukoqvcpqnpymtqpymmxknnb_1.sys.xor 78336 bytes
File C:\Windows\System32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys 78336 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\MSIVXcount 4 bytes
File C:\Windows\System32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll 0 bytes
File C:\Windows\System32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll 0 bytes

---- EOF - GMER 1.0.15 ----
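The two GMER logs above are the only evidence in this thread, and they already hold everything a responder needs to scope the infection: a hidden kernel-mode service, its driver and two DLLs referenced through `\\?\globalroot` paths, the same service key repeated under four control sets, and per-thread SSDT pointer mismatches in one process. As an added example (not from the thread, not GMER's own code), the Python script below parses GMER's Services, Registry, Files and Threads lines and correlates them into a findings list. It assumes SystemRoot is C:\Windows when mapping the `\\?\globalroot\systemroot\...` spelling to the Win32 paths GMER prints in the Files section (the Files section of this log confirms that), and the embedded log is a trimmed, constructed copy of the lines posted above.

```python
"""Parse a GMER log into rootkit indicators (added example, not from the thread)."""
import re
from collections import defaultdict

# Constructed sample: a trimmed copy of the GMER lines posted in the thread above.
SAMPLE_LOG = r"""
---- Threads - GMER 1.0.15 ----
Thread 6gxwl.exe [4312:2308] SSDT 0x898EE1A8 != 0x81EFB8E0
Thread 6gxwl.exe [4312:3808] SSDT 0x898EE1A8 != 0x81EFB8E0
---- Services - GMER 1.0.15 ----
Service C:\Windows\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll
Reg HKLM\SYSTEM\ControlSet002\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
Reg HKLM\SYSTEM\ControlSet004\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys
---- Files - GMER 1.0.15 ----
File C:\Windows\System32\drivers\MSIVXstrwtxjhcukoqvcpqnpymtqpymmxknnb.sys 78336 bytes executable <-- ROOTKIT !!!
File C:\Windows\System32\MSIVXcount 4 bytes
File C:\Windows\System32\MSIVXuqcjydchweecwkqirhnpbrnbxfbcfbvs.dll 0 bytes
File C:\Windows\System32\MSIVXwwtkrhumvuamcvxpewphsmaehjlwgduk.dll 0 bytes
"""

RE_SERVICE = re.compile(r"^Service\s+(?P<path>\S+)\s+\(\*\*\* hidden \*\*\*\s*\)\s+\[(?P<start>\w+)\]\s+(?P<name>\S+)")
RE_REG = re.compile(r"^Reg\s+HKLM\\SYSTEM\\(?P<cs>CurrentControlSet|ControlSet\d{3})\\Services\\"
                    r"(?P<svc>[^\\@\s]+)(?P<sub>(?:\\[^\\@\s]+)*)(?:@(?P<val>\S+)\s*(?P<data>.*))?$")
RE_FILE = re.compile(r"^File\s+(?P<path>\S+)\s+(?P<size>\d+)\s+bytes")
RE_THREAD = re.compile(r"^Thread\s+(?P<image>\S+)\s+\[(?P<pid>\d+):\d+\]\s+SSDT\s+(?P<seen>0x[0-9A-Fa-f]+)\s+!=\s+(?P<want>0x[0-9A-Fa-f]+)")


def nt_to_win(path, sysroot=r"C:\Windows"):
    # Map the NT object-manager spelling \\?\globalroot\systemroot\... used in the
    # rootkit's 'modules' values to the Win32 path GMER prints in the Files section.
    # SystemRoot = C:\Windows is an assumption (the Files section of this log confirms it).
    prefix = r"\\?\globalroot"
    if path.lower().startswith(prefix):
        path = path[len(prefix):]
    if path.lower().startswith(r"\systemroot"):
        path = sysroot + path[len(r"\systemroot"):]
    return path


def extract_iocs(log_text):
    """Correlate GMER Services/Registry/Files/Threads lines into a findings list."""
    hidden, files, hooked = [], {}, {}
    services = defaultdict(lambda: {"control_sets": set(), "values": {}, "modules": {}})
    for line in log_text.splitlines():
        if m := RE_SERVICE.match(line):
            hidden.append({"name": m["name"], "path": m["path"], "start": m["start"]})
        elif m := RE_REG.match(line):
            svc = services[m["svc"]]
            svc["control_sets"].add(m["cs"])          # every control set the key lives in
            if m["val"] is None:
                continue
            if m["sub"].lower() == r"\modules":        # DLL/driver paths the driver loads
                svc["modules"][m["val"]] = nt_to_win(m["data"])
            elif m["sub"] == "":                       # start / type / imagepath / group
                key = m["val"].lower()
                svc["values"][key] = nt_to_win(m["data"]) if key == "imagepath" else m["data"]
        elif m := RE_FILE.match(line):
            files[m["path"].lower()] = int(m["size"])
        elif (m := RE_THREAD.match(line)) and m["seen"] != m["want"]:
            hooked[int(m["pid"])] = m["image"]         # KTHREAD service table != kernel SSDT

    findings = []
    for h in hidden:
        svc = services.get(h["name"])
        if svc is None:
            findings.append(f"{h['name']}: hidden service, but no Services key for it in the log")
            continue
        cs = sorted(svc["control_sets"])
        findings.append(f"{h['name']}: hidden service, driver {h['path']}, "
                        f"persisted in {len(cs)} control sets ({', '.join(cs)})")
        if svc["values"].get("type") == "1" and svc["values"].get("start") == "1":
            findings.append(f"{h['name']}: type 1 / start 1 = kernel driver loaded during "
                            "kernel initialisation, before any user-mode service (including AV)")
        for key, path in svc["modules"].items():
            size = files.get(path.lower())
            if size is None:
                findings.append(f"{h['name']}/{key}: {path} not listed in Files section")
            elif size == 0:
                findings.append(f"{h['name']}/{key}: {path} listed with size 0 (GMER could not read it)")
            else:
                findings.append(f"{h['name']}/{key}: {path} ({size} bytes)")
    for pid, image in sorted(hooked.items()):
        findings.append(f"{image} (PID {pid}): per-thread SSDT pointer differs from the kernel table")
    return {"hidden": hidden,
            "services": {k: {**v, "control_sets": sorted(v["control_sets"])} for k, v in services.items()},
            "files": files, "hooked_pids": hooked, "findings": findings}


if __name__ == "__main__":
    for finding in extract_iocs(SAMPLE_LOG)["findings"]:
        print(finding)
```

Two caveats the findings make explicit. First, CurrentControlSet is only an alias (chosen via HKLM\SYSTEM\Select) for one of the numbered ControlSetNNN keys, so the copies under ControlSet002, 003 and 004 include the Last Known Good configuration; cleaning the current set alone leaves a path for the driver to come back on the next boot. Second, the script works on a log because the live registry and file system on the infected box are being filtered by the very driver it describes (the service is reported as hidden, and the two DLLs as 0 bytes): on the host itself, the enumeration has to be done by a tool that reads below the hooks, as GMER does, or from an offline boot.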